Actions
Patch #29162
closed
Only allow visible custom fields as aggregation criteria in time reports
Description
In time reports, the user can currently select any custom field defined in the Redmine system as an aggregation criteria. This can lead to confusion since the returned data might not reflect the custom field or might even lead to an information leak regarding the existence of a hidden custom field. The data returned in the report itself is correctly filtered so that the field is only considered if it is actually visible to the current user.
The attached patch filters the custom fields available as aggregation criteria in the report to only allow the use of visible custom fields.
Files
Related issues
Updated by Holger Just over 6 years ago
- Related to Patch #29161: Avoid SQL errors when adding a project custom field as a time report criteria added
Updated by Holger Just over 6 years ago
Updated by Go MAEDA over 6 years ago
- Target version set to Candidate for next minor release
Updated by Go MAEDA over 6 years ago
- File 29162@2x.png 29162@2x.png added
- Target version changed from Candidate for next minor release to 3.3.9
I confirmed the problem. Setting the target version to 3.3.9.
Updated by Go MAEDA over 6 years ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
Updated by Go MAEDA over 6 years ago
- Status changed from Resolved to Closed
- Target version changed from 3.3.9 to 4.0.0
Committed. Thank you for detecting and fixing this issue.
Actions